Outline for January 22, 2003

Reading: Robust Programming handout

Discussion Problem

Microsoft spent February of last year teaching its programmers how to
check their code for security vulnerabilities and how to introduce
common security flaws. Yet many Microsoft programs still have security
vulnerabilities. Wha problems do you think Microsoft encountered, and
will encounter, in trying to find and clean up the vulnerabilities in
its systems?

Outline for the Day

Common Implementation Vulnerabilities

Unknown interaction with other system components
(DNS entry with bad names, assuming finger port is finger and not
chargen)